Senior Security Engineer - Incident Response

Prima Group
Charing Cross, United Kingdom

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Charing Cross, United Kingdom

Tech stack

Amazon Web Services (AWS)
Application Firewall
Cloud Computing
Computer Programming
Mobile Application Software
Python
Runbook
Security Support Provider Interface
Security Information and Event Management
Software Engineering
Pulumi
Kubernetes
Cloudflare

Job description

Are you looking for a new challenge? Fancy helping us shape the future of motor insurance? Prima could be the place for you. Since 2015, we've been using our love of data and tech to rethink motor insurance and bring drivers a great experience at a great price. Our story began in Italy, where we've quickly become the number one online motor insurance provider. In fact, we're trusted by over 4 million drivers. And now we're expanding to help millions more drivers in the UK and Spain.

To help fuel that growth, we need a Security Engineer focused on Incident Response to join our Security Team. The Engineering Department is the beating heart of Prima. You'll be joining over 300 engineers across software development, infrastructure, operations and security: fueled by curiosity, experimentation and collaboration, you'll help deliver scalable, impactful solutions that shape the future of insurance. Excited to make an impact? Here are the details.

What you'll do:

  • Strengthen EDR/XDR and DLP configurations.
  • Define new automatic detections of security events in our SIEM.
  • Improve automatic enrichment and integration with SIEM/SOAR.
  • Automate security alert triage and Incident Response playbooks.
  • Define runbooks to be used during Incident Response.
  • Lead and execute Table Top eXercises (TTX) with different actors and teams.
  • Lead by example during investigation and response of security alerts.
  • Oversee the on-call shifts.
  • Collaborate on all the activities of the Security Engineering team.

Requirements

  • Hands-on experience with SIEM and SOAR platforms.
  • Hands-on experience with CrowdStrike or similar EDR/XDR solutions.
  • Hands-on experience with MDM solutions.
  • Hands-on experience in AWS and K8s (EKS) security.
  • Proficiency in scripting and programming languages (e.g., Python, Rust).
  • Availability for on-call shifts to guarantee 24x7 security support.
  • Strong English communication skills, with the ability to collaborate effectively with multidisciplinary teams.
  • Self-motivated and proactive, with strong problem-solving skills and accountability for deliverables.
  • Experience working in an Agile environment.

Nice-to-have

  • Relevant certifications such as GCIH, GCFA, GREM, GCIA, or similar are preferred.
  • Hands-on experience with Google Chronicle.
  • Hands-on experience with Web Application Firewall configuration (e.g., Cloudflare).
  • Proficiency in using CI/CD systems and Infrastructure as Code (e.g., Python Pulumi).
  • Knowledge of Cloud Control Frameworks (e.g. CIS, CSA, NIST).
  • Web and mobile application security knowledge.
  • Experience in security research, bug bounty programs or CTFs.

Benefits & conditions

Work Your Way: Enjoy full flexibility - work from home, the office or a mix of both. Plus, work from anywhere for up to 30 days a year.

This is a full remote position and we're considering candidates located in Italy, Spain or UK.

Grow with us: We may move fast at Prima, but we move together. Get access to learning resources, mentorship and a growth plan tailored to you.

Thrive and perform: Your best work begins when you feel your best. Enjoy private healthcare, gym discounts, wellbeing programs and mental health support.
